Monday, January 11, 2010

Jan 10 CVE-2009-4324 Adobe 0 Day with Backdoor:Win32/Bifrose.gen!E payload US-Taiwan Defense Industry Conference 2010 from Sun, 10 Jan 2010 14:05:41 +0800

Download 9cc4133139cac1c774c0bf5476b2ed56 - US-Taiwan Defense Industry Conference 2010.pdf (password protected archive, please contact me for the password)
sbcdrx.exe - 287EAC0F1F5E9223922EBFF3308F138F
sbcdrx.dat - EC8903129642D3AEF3348B68D17624B5
SysPr.prx - 4EF40422A092B40000C1FCA20A8D8E44

Details: 9cc4133139cac1c774c0bf5476b2ed56 - US-Taiwan Defense Industry Conference 2010.pdf

The message sender was
The message originating IP was
The message recipients were
The message was titled US-Taiwan Defense Industry Conference 2010
The message date was Sun, 10 Jan 2010 14:05:41 +0800
The message identifier was <004b01ca91ba$f1087b90$9301a8c0@testacb8580da5>
The virus or unauthorised code identified in the email is:

File US-Taiwan_Defense_Industry_Confer received on 2010.01.11 05:02:52 (UTC)
Result: 16/41 (39.03%)
a-squared    2010.01.11    Exploit.HTML.IframeBof!IK
AntiVir    2010.01.10    HTML/Silly.Gen
Avast    4.8.1351.0    2010.01.10    JS:Pdfka-UQ
BitDefender    7.2    2010.01.11    Exploit.PDF-JS.Gen
F-Secure    9.0.15370.0    2010.01.11    Exploit.PDF-JS.Gen
GData    19    2010.01.11    Exploit.PDF-JS.Gen
Ikarus    T3.    2010.01.11    Exploit.HTML.IframeBof
Kaspersky    2010.01.11    Exploit.JS.Pdfka.ayg
McAfee+Artemis    5857    2010.01.10
McAfee-GW-Edition    6.8.5    2010.01.11    Script.Silly.Gen
NOD32    4759    2010.01.10    PDF/Exploit.Gen
Norman    6.04.03    2010.01.10    HTML/Shellcode.H
PCTools    2010.01.11    HeurEngine.MaliciousExploit
Sophos    4.49.0    2010.01.11    Troj/PDFJs-GL
Symantec    20091.2.0.41    2010.01.11    Bloodhound.Exploit.288
Additional information
File size: 146896 bytes
MD5: 9cc4133139cac1c774c0bf5476b2ed56

File    US-Taiwan Defense Industry Conference 2010.pdf
MD5    9cc4133139cac1c774c0bf5476b2ed56
Analysis Started    2010-01-10 21:21:45
Report Generated    2010-01-10 21:22:03
Jsand 1.03.02    benign



File sbcdrx.exe received on 2010.01.11 05:36:39 (UTC)
Result: 17/40 (42.50%)
Antivirus     Version     Last Update     Result
AntiVir     2010.01.10     TR/Hijacker.Gen
Authentium     2010.01.10     W32/Heuristic-KPP!Eldorado
BitDefender     7.2     2010.01.11     Trojan.Inject.FA
CAT-QuickHeal     10.00     2010.01.11     (Suspicious) - DNAScan
F-Prot     2010.01.10     W32/Heuristic-KPP!Eldorado
F-Secure     9.0.15370.0     2010.01.11     Trojan.Inject.FA
GData     19     2010.01.11     Trojan.Inject.FA
Kaspersky     2010.01.11     Heur.Backdoor.Generic
Microsoft     1.5302     2010.01.10     Backdoor:Win32/Bifrose.gen!E
Panda     2010.01.10     Suspicious file
Rising     2010.01.11     Packer.Win32.UnkPacker.d
Symantec     20091.2.0.41     2010.01.11     Suspicious.Cloud
TrendMicro     2010.01.11     PAK_Generic.001
VBA32     2010.01.11     Backdoor.Win32.Bifrose.btqt

Additional information
File size: 92413 bytes
MD5: 287eac0f1f5e9223922ebff3308f138f

Anubis report on sbcdrx.exe

- Files Created:

- Files Read:

- Files Modified:

- Files Renamed:
Old Filename
New Filename
sbcdrx.exe - Process Activities

- Remote Threads Created:

Affected Process
C:\Program Files\Messenger\msmsgs.exe

- Foreign Memory Regions Written:

Process: C:\Program Files\Messenger\msmsgs.exe
Process: C:\WINDOWS\explorer.exe

3. msmsgs.exe

- General information about this executable

Analysis Reason:
sbcdrx.exe wrote to the virtual memory of this process 
Command Line:
"C:\Program Files\Messenger\msmsgs.exe" /background 

a) msmsgs.exe - Registry Activities

- Registry Keys Created:


msmsgs.exe - Network Activity

- Unknown TCP Traffic:

from ANUBIS:1038 to
State: Connection established, not terminated - Transferred outbound Bytes: 159 - Transferred inbound Bytes: 97
ISP: CHTD, Chunghwa Telecom Co., Ltd. Organization: Chunghwa Telecom Data Communication Business Group City: Taipei

Text of the PDF file

2009 International Workshop of
Differential Equations and their
Da Hsuan Feng
Senior Executive Vice President Interim Vice President for Research and
National Cheng Kung University

I was asked by the organizers of this Workshop, my colleague Professor Yung-fu Fang (方永富) to say a few words of welcome here.

The Workshop with the aforementioned title, is organized by NCKU’s Department of Mathematics from the College of Science, National Center for Theoretical Sciences (South) and a colleague, Professor Yuusuke Iso (磯祐介) from Kyoto University’s Dept. of Applied Analysis and Complex Dynamical Systems.

I am sure I was bestowed this great honor only because of my administrative title, since I am transparently neither a mathematician nor an applied mathematician. Still, I am a firm believer that if NCKU were to achieve prominence as a comprehensive university, having an intellectually robust mathematics and applied mathematics program matters and it is non-negotiable! For this reason, I am very pleased to see this Workshop is held here on campus.

Ladies and gentlemen, whenever I think about mathematics, I am always amused by a lighter moment of my life. When my daughter was in high school, she played the violin. In one of her performances, the orchestra which accompanied her included an older gentleman in the first violin section. I later found out that this older gentleman is a great mathematician, and his name is Eugenio Calabi, who developed, I am sure you know far more than I do, the so-called Calabi-Yau (丘成桐) manifolds. So, in a sense, while I did not have the opportunity to listen to Calabi talking about mathematics, I did hear him playing the violin! Actually, to me, that is not too regrettable. After all, for me, listening to a mathematics talk is like listening to an Italian opera: It’s beautiful and I don’t understand a word of it.

To our distinguished visitors from abroad and domestic, I like to welcome all of you to sunny Tainan. I like to especially say a special hello to Professor Iso and all your colleagues from Kyoto University. I should let you know that because of our structural, intellectual and historical similarities, NCKU considers your university our “benchmark.” We hope that NCKU can enter into a deeper and more sustainable relation with your university so that we can learn more from you.

Since this is a Workshop about differential equations and applications, I cannot help myself to mention one of the first, if not the first of such an effort, and what a glorious effort it was. I am sure you can guess which effort I am referring to. It was the “creation” of the differential equations by James Clark Maxwell, whose namesake equations fundamentally and totally explained electromagnetic radiations.

Of course, even for Maxwell equations, there were skeptics, as I am sure you will find yours in your work. Maxwell’s “critic,” if you can call him that, was the great Michael Faraday. He wrote the following critique about Maxwell equations:

“The attention of two very able men and eminent mathematicians (Lord Kelvin and Sir James Clark Maxwell) has fallen upon my proposition to represent the magnetic force; and it is to me a source of great gratification and much encouragement to find that they affirm the truthfulness and generality of the method of representation.”

This is obviously one of the most elegant ways of saying “I find it hard to believe that these equations can represent the complex phenomena so well!” To criticize with such elegance is truly an art that is no longer present today!

Mathematics and applied mathematics are intellectually ubiquitous. This is made abundantly clear in the range of topics covered in this Workshop. In 2005, I attended a conference in Mexico whose main topic was to apply differential geometry and low dimensional topology (or knots theory) to unravel the DNA structures. It was truly an eye-opening event for me, because at the meeting, I saw biological scientists discussing intensely with applied and pure mathematicians.

During my professional career, which included my dabbling into mathematical physics, I have always marveled and was, and still am, deeply impressed that for a mathematician, a sphere is a coset space called SU(2)/U(1) and a plane is a coset space of H(4)/U(1). Such mathematical characterizations, and indeed their generalizations, have unlocked the doors for mathematicians to travel into the deepest areas of human thoughts. These coset spaces, for example, may be an opportunity for physicists to apply them to study the “quantum phase space,” a concept which is important in understanding the elusive “quantum chaos.” Ever since, I knew that never a mathematician could I be. I learned this many years ago such intricacies from my former student and now an excellent NCKU distinguished theoretical physics professor Wei-Min Zhang (張為

Still, maybe because of my limited knowledge of mathematics, I have always enjoyed listening to great mathematicians speak (opera singing notwithstanding.) In fact, on May 23, 1989 in Philadelphia, I was privileged to invite the great late-Chern to talk on “What is Geometry.” I should mention that the great late-Chern (陳省身) had a “non-linear connection” to NCKU in that his son-in-law, Paul Chu (朱經武,) is a NCKU distinguished alumnus. Paul who for nearly the entire first decade of the 21st century, was the president of Hong Kong University of Science and Technology and is of course a globally known scientist; among his many scientific achievements included the co-discovery of high temperature superconductivity!

Nevertheless, “armed” with that small and dangerous (and I am sure you would call insignificant) knowledge of mathematics, it has given me a deep belief as a university administrator that an irreducible component of an institution of higher learning must absolutely be that it has outstanding mathematics and applied mathematics intellectual efforts if it were to reach the highest level of excellence. It is for this reason that I am so enthusiastic about your Workshop.

I hope you reach your goal in this Workshop.
For the foreign guests, I hope you have an enjoyable time in Tainan.
Thank you for your attention.
